Lucene search
GoogleOSV:GHSA-FJ69-P8F6-Q97HHistoryMay 13, 2022 - 1:07 a.m.
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
2022-05-1301:07:02
Google
osv.dev
2
cloud foundry
runtime
weak password
recovery
vulnerability
uaa
internal user store
saml
ldap
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions prior to 2.2.5 and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
References
github.com/cloudfoundry/uaa
github.com/cloudfoundry/uaa/commit/a79b89f6e4f66626914b029b7a15a423491f8013
github.com/cloudfoundry/uaa/commits/2.2.5
github.com/cloudfoundry/uaa/compare/2.2.4...2.2.5
github.com/cloudfoundry/uaa/compare/2.2.5...2.2.6
nvd.nist.gov/vuln/detail/CVE-2015-3189
pivotal.io/security/cve-2015-3189
Related
prion
prion
Authentication flaw
2017-05-25 17:29:00
cve
cve
CVE-2015-3189
2017-05-25 17:29:00
cloudfoundry
cloudfoundry
CVE-2015-3189 - Expire old reset password links | Cloud Foundry
2015-06-25 00:00:00
github
github
cvelist
cvelist
CVE-2015-3189
2017-05-25 17:00:00
nvd
nvd
CVE-2015-3189
2017-05-25 17:29:00